CCPA is here and we’ve got your back.
Privacy and data regulations are on everyone’s mind in the new year, as they should be, especially with the California Consumer Privacy Act (CCPA) coming into play. At Agile Education Marketing, we will continue to comply with all state and federal laws regarding personal data and privacy. With a new year and new regulations, this is a great time to focus on your data to ensure it meets the same laws and regulations. That means paying closer attention to your in-house customer and prospect data as well as the data that you get from a third party.
At Agile we want you to have high quality data across all your systems and programs that help you manage a successful business. To ensure we provide you with the highest quality data that meets all laws and regulations we take compilation, management and delivery very seriously. Meaning that our process honors requests for information and opt-out status. The data we compile is the result of publicly available data and information.
We ensure that the compilation, management and delivery of our data is in full compliance with federal, state and local laws, rules and regulations – one of the many benefits of using a third-party data provider like Agile. In all our client agreements we represent uses and applications of our data in line with all the same rules and regulations in addition to best practice guidelines. Want to make sure you’re compliant? Reach out!
In the new year what do you need to do with your own data and information?
COMPLIANCE – should be your number one objective. Having a mechanism for people to look up what information you have and honoring opt-out requests in a timely manner – this is required by the new California Consumer Privacy Act. At Agile, our Development team created this look up request page: https://personalinforequest.agile-ed.com
Keep up with the latest on CCPA at https://oag.ca.gov/privacy/ccpa and check out this fact sheet.
The Basics
(From the California Legislative Website )
What rights do California consumers have?
- know what personal information is collected, used, shared or sold, both as to the categories and specific pieces of personal information
- Delete personal information held by businesses and by extension, a business’s service provider
- Opt-out of sale of personal information. Consumers can direct a business that sells personal information to stop selling that information.
- Children under the age of 16 must provide opt in consent,with a parent or guardian consenting for children under 13.
- The right to non-discrimination in terms of price or service when a consumer exercises a privacy right under CCPA.
Which businesses must comply?
- Has gross annual revenues in excess of $25 million
- Buys,receives, or sells the personal information of 50,000 or more consumers, households,or devices
- Derives 50% or more of annual revenues from selling consumers’ personal information.
- Businesses that handle the personal information of more than 4 million consumers will have additional obligations.
What obligations do these businesses have?
- Businesses subject to the CCPA must provide notice to consumers at or before data collection.
- Businesses must create procedures to respond to requests from consumers to opt-out, know, and delete. Businesses must verify the identity of consumers who make requests to know and to delete, whether the consumer maintains a password-protected account with the business.
- For requests to opt-out, businesses must provide a “Do Not Sell My Info” link on their website or mobile app.
- Businesses must respond to requests from consumers to know,delete, and opt-out within specific time frames.
CALIFORNIA DEPARTMENT OF JUSTICE OFFICE OF THE ATTORNEY GENERAL
As proposed by the draft regulations, if a business is unable to verify a request, it may deny the request, but must comply to the greatest extent it can. For example, it must treat a request to delete as a request to opt-out.
Businesses must disclose financial incentives permitted by CCPA and offered in exchange for the retention or sale of a consumer’s personal information and explain how they calculate the value of the personal information.
Businesses must maintain records of requests and how they responded for 24 months in order to demonstrate their compliance.
Good practice – purge aged and inactive records. Reducing your number of records reduces any expense associated with record volume and removes people who are no longer in the market to buy what you offer. This also has the effect of focusing your sales teams’ work on active and engaged prospects and opportunities. (Any reference to our aggressive data cleaning here at Agile or leave it out?)
Best practice – when developing direct communication programs, engagement of the targeted audience is the primary driver of deliverability and inbox placement. At Agile we not only offer basic contact information but hundreds of rich data points that can inform your targeting and segmentation. Each message can be tailored to geographic aspects, funding levels, ESSA, personnel roles, or district size.
